PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of technical and operational requirements to protect cardholder and sensitive authentication data. It's set by the Payment Card Industry Security Standards Council (PCI SSC), an independent body founded by the major credit card brands – American Express, Discover, JCB International, Mastercard, UnionPay and Visa Inc.

Merchants must provide proof of compliance for each payment provider they use. Paysafe's PCI DSS covers card payments processed in a Paysafe merchant account. This includes all credit cards brands - Visa, MasterCard, American Express, Discover Network, JCB. It includes debit & credit cards, gift cards, and prepaid cards. Organizations that use Paysafe to process debit and credit card payments must log in to the Paysafe PCI portal to provide proof of compliance, in the form of:

Click here and scroll down for resources and FAQs from the PCI SSC's website.

Paysafe has partnered with VikingCloud (the leading 'predict-to-prevent' cybersecurity and compliance company) to provide the Paysafe PCI portal to support merchants with their Paysafe PCI DSS compliance. We'll work together to help you with this process.

The invitation for the PCI portal is sent to the main contact email that was provided at the time the merchant account was opened. If you're unsure which contact email was provided or if the contact email needs to be updated/changed, let us know.

If the contact email is correct but you want someone else to do the assessment, you must add them as a user to the portal. Adding a user to the portal doesn't make them the main contact. Contact us if you wish to change the main contact.

If you didn't receive an invitation to join the PCI portal, please start a chat with the Amilia SmartRec support team and type 'agent' to speak with a person.

Please start a chat with our support team and we'll be happy to help. However, the invitation email IS NOT SENT to the new main contact. After the main contact has been changed, they must visit the PCI portal login page and click 'Forgot password'. An email will then be sent so they may configure their login credential.

You can add additional users to log into the PCI portal as well as receive a copy of the communications. To add another user to the portal, click on the silhouette icon in the upper right corner, then 'Users', and then 'Create new user'.

The contact is sent a reminder every week to log into the PCI portal to complete the assessment, until both the questionnaires (business profile and security assessment) have been answered.

A PCI DSS assessment must be completed for each merchant account. If a Federation uses one merchant account for all its clubs, then the Federation is responsible for completing the PCI DSS business profile and security assessment.

If each club has its own merchant account, in that case the club is responsible for logging into the PCI portal and completing the PCI DSS business profile and security assessment.

The payment card industry (PCI) sets compliance requirements and dictates penalties for non-compliance, which are in turn administered by the payment processor (i.e., Paysafe). There are monthly fees to use the PCI portal, but Amilia SmartRec absorbs these fees for each merchant.

However, there are non-compliance fees if Paysafe's PCI requirements aren't completed in a timely manner. These taxable fees will appear on the monthly Amilia invoice as its own line item (PCI non-compliance fee) under the Network assessment fees.

If your organization is in the United States, monthly penalties of $34.95 (USD) will be applied if you don't complete the assessment.

If your organization is in Canada, monthly penalties of $45.95 (CAN) will be applied if you don't complete the assessment.

SAQ is an acronym for 'Self-Assessment Questionnaire'. The SAQ type refers to the type of security assessment that merchants completed based on how they handle card payments processed in their Paysafe merchant account.

Merchants using Amilia SmartRec fall into one of three SAQ types:

For more details on each SAQ type, please see the glossary in the PCI portal.

PCI 4.0 came into effect in April 2024. Merchants who already completed their compliance prior to this date are good to go until their renewal date in 2025. Merchants who haven't started their questionnaires will be presented with the 4.0 version of the questionnaires.

Merchants who started their business profile and/or security assessment but stopped halfway may click on their Business profile and reset the questionnaire to load the improved (and simpler) 4.0 version of the questionnaire.

If existing merchants in the US, boarded with Merrick Bank or Vantiv (prior to 2021), want to move to BBVA bank to unlock the ability to use Pax terminals and AMEX, there will be a process by which Paysafe can move the compliance documentation over to their new BBVA MID. Please start a chat with our support team if this is the case.

If your organization obtained an Attestation of Compliance (AOC) for its Paysafe merchant account(s) outside of the PCI portal, then you can upload it to the PCI portal.

Remember, an AOC is only good for a period of one year. You must return to the PCI portal to renew it each year.

To upload your AOC, click 'Manage' on the business profile and on the 'Choose an assessment method' page, you will have the option to upload the document.

Transmitting sensitive cardholder information by mail or telephone order is a security risk to your organization and your customers. Don't select this option.

When responding to how you accept card payments, select whether you accept card payments face to face (with an integrated A920 PAX terminal), in the Amilia SmartRec e-Commerce store, or both.

When completing the security assessment, you must specify the title and name of the individual serving as your Merchant Executive Officer. This could be the person who signed your merchant application, or who holds executive authority within the organization. For smaller organizations, this could be the owner. For larger organizations, this could be a director, executive or someone with authority on your finance team.